Category Archives: Fraud, Waste and Abuse Detection Systems - Page 2

Detailed Planning is the Key to Successful Fraud Auditing

CoffeeMugIt’s difficult to believe that it’s already October! The 2014 Chapter year has flown by and has been extremely good for all of us with twenty new members nationwide and three very successful live Chapter training events!

Something Dr. Doug Ziegenfuss said about fraud audit planning during our session on Ethics 2014 for CPA’s and Fraud Examiners struck me as being worthy of a post.   Considering the various techniques internal audit organizations are using to fight fraud, Doug singled out the use of specialty audit software like ACL as critical to the success of analytics based programs, critical if the modern control assurance enterprise is to have even a hope of being ultimately successful.   But just having software isn’t in itself enough. It’s true that audit analytics can quickly examine large files and flag the digital markers of potentially fraudulent activity to help auditors of all kinds work more effectively and efficiently. But any tool is only as effective as the planning for its use allows it to be.

As we fraud examiners are painfully aware and the news media daily attest, evidence of on-going fraud often resides deep in an organization’s data.  Unfortunately, these schemes often go undetected for months or even years, draining evermore revenue from the organization.  Dr. Doug’s point is that this is often the case because of superficial audit planning.  Development of a risk based audit program is no easy task but there is no alternative if the auditing effort is going to be more than a superficial light dusting of the control structure.  Risk based programs with emphasis on analytics are based on the preparation of descriptive system narratives, detailed workflow diagrams, and risk assessments; hard work on the front end but, if comprehensive,  not as difficult to update and maintain over the long run as many auditors think.

As we’ve said in post after post on this blog, leveraging fraud identification technology should always be directed at the solving of the business problem of fraud revelation, control and eradication rather than at acquiring technology for technologies sake.  The effort requires a clear assessment of the entire audit life cycle of the organization to find ways to use technology to enable a reasonable level of measurable efficiency.  It’s up to the chief audit executive (CAE) and the audit committee (if there is one) to ensure that audit analytics are leveraged to achieve well defined goals built on a solid foundation of key risk measures.

Once data analytic targets are established, the specific analytic technology audit management has selected can be used to extract, scrub, and analyze data for a variety of anomalies and fraud scenarios.  Any chosen analytic solution should always provide independent access to source data, minimizing the need for the organization’s IT department to intervene and simultaneously protecting network integrity.  As a key component of fraud audit strategy, the independent assurance effort should strive to have each of its audits include enough analytics based tests to pinpoint such anomalies as indication of segregation of duties conflicts, transactions modified to avoid approval or authorization, funds leakage, inappropriate payments and a whole host of abuse of corporate assets related frauds.

The fact that every organization has unique data issues is another reason for instituting a program of long range audit planning. As every auditor knows, a data series cannot be validated in a vacuum; it must be tied to another series to ensure its accuracy.  Organizational data idiosyncrasies and patterns mean that data validation is crucial to the success of the audit analysis effort.  This is where Certified Fraud Examiner’s (CFE) experience with fraud audit analysis and audit technology becomes especially valuable to the organization’s analytics program.  Once the audit team has documented the nuances of the organization’s data, an experienced CFE can assist the team in the development of a fraud-indicator approach that weights audit test results based on their propensity for fraud.  Transactions or vendors flagged in multiple tests, for example, rank as a higher review priority than a lower-risk anomaly that appears only once such as an invoice submitted on the weekend or vendor payments directed to post office boxes.

Detailed audit planning of analytic supported reviews is the key to success for every organization eager to strengthen internal controls in the modern distributed computing environment. Fraud audit analytics minimizes sampling risk and promotes efficient, highly focused audit practices.  Only if properly planned for can such anti-fraud solutions provide full population-visibility and the power to uncover small anomalies in the virtual ocean of data, casting a wider net to more effectively fight deeply buried instances of fraud, waste and abuse.

The Masquerade – There Will Be Fraud

west_indian_day_carnival“We are honored to have this guest post from our Richmond Chapter member, Rumbi Bwerinofa, CPA/CFF. Rumbi is a Director of the Queens/Brooklyn Chapter of the New York State Society of CPAs and a member of the NYSSCPA Litigation Services Committee. She is the editor of, where she discusses financial forensic issues.”

My husband is working on a photographic project, documenting the New York City West Indian-American Day Carnival. This Carnival, also called the Labor Day Parade, is, arguably, the largest parade, street fair or festival in North America, with estimates of between one and three million people attending the festivities. It certainly is the biggest cultural event of the year. With thousands of participants involved in being parts of parading groups, bands and floats, preparations for the Carnival begin months in advance of the big day. Last Friday my husband invited me to attend a Mas Camp with him. I went along, completely clueless about what a Mas Camp is and what happens when people go to a Mas Camp. It was a great opportunity to tag along and get a sense of what he has been doing. Plus, I love Caribbean cuisine and he had promised dinner.

I learned that the parade is made up of floats surrounded by teams of costumed revelers that are known as masqueraders. The floats and masqueraders are dressed and decorated according to a theme and together they form a masquerade band, or mas band. In the months before Carnival, the band leaders set up a mas camp where people can sign up to be part of the mas band and order costumes. As I walked around the couple of mas camps that I visited, I saw various masquerade costumes on display with prices disclosed on signs close by. In addition to time and effort, people invest a substantial amount of money into their costumes and being a part of a mas band. Costumes run into the hundreds and, for some, thousands of dollars. For that kind of money, the revelers expect to receive a well-made costume that looks like the advertised version that they ordered and to be a part of a band that parades down Eastern Parkway in this celebration of Caribbean history and culture. But, where there is money, there will be fraud.

As I marveled at the themes, costumes and their prices, I noticed a yellow sign hanging on the entrance to the mas camp, which was a store front. The man giving us the tour of the mas camp explained that it was their certificate. The West Indian-American Caribbean Day Association (WIADCA) organizes and holds the Carnival. Mas band leaders attend meetings called by WIADCA and police precincts where they are told the rules and regulations of the parade, in order to preserve the spirit and safety of the parade. Mas bands are registered with WIADCA and issued certificates that they must hang in a visible location. This is so that, before anyone spends money at mas camp, they can check to make sure they are with a valid mas band and not a scam out to take their money and run. The certification gives assurance that the mas band will meet certain standards, will produce their costume and will be there on Labor Day morning for the march up Eastern Parkway. People can check with WIADCA, who keeps a register of all certified mas bands and they can also take complaints to WIADCA who in turn can discipline or decertify mas bands that do not abide by the rules and regulations.

This is the way it works with CPAs and credentialed forensic accountants. When a person seeks the services of a qualified professional, getting their word or seeing a lot of framed certificates is all well and good, but it must all be backed up by something that can be verified. The professional bodies that govern these credentials have a code of conduct and professional standards that forensic accountants must abide by. The bodies also have coursework and testing that must be taken to attain and maintain the credential. These professional designations also have continuing education requirements to help ensure that a person holding a particular credential is up to date on the knowledge and experience required by the designation. You know how, on television, cops knock on someone’s door and flash their badges and how, sometimes, a person yells, “I want your badge number”? Well, the same goes for credentialed forensic accountant. Whether that forensic accountant is Certified in Financial Forensics (CFF), a Certified Fraud Examiner (CFE) or holds a different forensic specialization, that credential will have its own unique number that has been issued by the governing authority. This means that if someone claims to be a CFE, you can verify their information with the Association of Certified Fraud Examiners and confirm that they are accredited and that their credential is currently active. If you cannot independently verify their qualifications, then you shouldn’t trust them with your money or with investigating any financial forensic matter.

There are several advantages to working with a credentialed forensic accountant:

  • You can consult the standards and areas of expertise covered by the credentialing body and find out what body of knowledge your forensic specialist possesses. In this way you can focus on retaining the services of the right type of expert.
  • Should your expert provide substandard services, you can take your complaints to the credentialing body, which will investigate and resolve your issue.
  • Knowing that they could face disciplinary action, including suspension or revocation of their credential, is an incentive for the certified forensic accountant to behave in an ethical and professional manner, per the rules and regulations of their credential issuing body.
  • If you have a matter that ends up in court, having an expert witness who holds credentials that are pertinent to the matter at hand tends to hold weight with the judge and jury and lend more credibility to the testimony of the expert. I mean, when receiving a diagnosis, who would you trust – a doctor or someone who watches a lot of medical shows?

So, be it dancing and celebrating as a masquerader at Carnival or having a financial forensic matter investigated, don’t you want to be sure you are placing your investment and trust in the right hands?

Ponzi or Pyramid?

file-folders-4One question I get over and over again, especially when giving presentations on common frauds and scams to senior citizen groups  is, “What’s the difference between a Ponzi scheme and an illegal pyramid?”  Which is certainly an understandable question since seniors are prime targets for investment scams of all kinds.

Both Ponzi’s and pyramids use the money of investors to make promised payoffs to other investors.  But they’re run very differently by their promoters and legally they’re prosecuted under different laws.  A very important distinction to make is between legal and illegal pyramid schemes.  Ponzi schemes and illegal pyramids are the same, only somewhat different.

The promoter of an illegal pyramid generates revenue by continually recruiting new members.  The different operations may offer goods or services for sale, but it’s important to keep in mind that the only significant revenues come from new recruitments.  Some legitimate sales companies use a pyramid structure to rank their employee-owners and calculate their compensation.  So when does a legal pyramid structure become illegal?   That happens when the company makes its money primarily by recruiting people.  Instead of selling a product or service, the group deals primarily in new memberships.   Joining the group allows the new member to profit by personally signing up new members.  The process continues until the available pool of new members is drained, which always happens a lot faster than most people think.

As a rule of thumb, courts in the U.S. apply the 70% rule.  This requires that at least 70 percent of the distributor’s profit come from actual retail sales.  Is this rule hard to verify?  You bet.  Distributors often sign falsified compliance statements because promoters warn that if they don’t authorities will shut the whole thing down and everyone will lose.  So the bottom line as to legality hinges on what the pyramid operators emphasize… if the company emphasizes the recruitment of new members over the sale of products, and if the only way to recognize the promised return is through additional recruitment, then the operation will likely be classified as an illegal pyramid.

Illegal pyramids are promoted as pyramids… Ponzi schemes are promoted as investment opportunities.  The key element in the Ponzi is that initial investors are paid with subsequent investors’ money.  There is little, if any, legitimate commerce.  In an illegal pyramid no one is really selling that much of the product; they’re coaxing new people to put up money.  The original members of the pyramid get rich on subsequent investors’ money…so, a pyramid is a Ponzi scheme.  Is a Ponzi scheme a pyramid?  In the sense that it requires exponential growth to avoid a collapse, a Ponzi scheme is a pyramid scheme.  The difference is that in a pyramid scheme, each member financially gains from personally recruiting additional members, but in a Ponzi scheme, all proceeds are pooled and participants are not directly rewarded for recruiting additional members.

Setting Up the Client Data Mine to Screen Out Fraud, Waste and Abuse

The process of developing a data warehouse of client information is a critical first step in the data mapping and data mining effort that has proved a challenge for fraud examiners and auditors setting out to utilize these tools for the first time.  Consider what we’d need if we were thinking about taking a vacation involving a long road trip.  First, we’d need some kind of vehicle to drive; we can’t really determine what kind of vehicle we need until we know how many people will be going with us (entities about which we’ll be storing information).   Then we’re going to need a roadmap (the data) to guide our trip.  We also need to be prepared for unforeseen events (data anomalies) along the way that don’t appear on the map.  Then, once we arrive at each of the various milestones along the way, we take in information from that stage of the journey and re-evaluate our route…it’s an on-going process.

So we can think of the implementation of a data mapping and data mining effort for fraud examination as an on-going process built on a foundation of operational or managerial auditing procedures; the process involves defining the data elements to be gathered, the collection of the data, the design of the tables and decision trees in which the data will be stored and processed by queries, and the on-going surveillance of the data.  The pre-condition here is that the data flows continuously as in health care, billing or quarterly updated financial applications.

Once a warehouse had been appropriately mapped and data mining activated, the ongoing activity is surveillance.  This is where auditor judgment proves critical.  Finding patterns in the on-going flow of data indicative of the presence of scenarios linked to fraud, waste and abuse is a skill which can be developed only over time and through experience with what “normal” data for the entity under surveillance should look like… how, in the company environment, should normal data look and what makes this data look “abnormal”?

This analysis is not a one-time event but an ongoing, constantly evolving tool for efficiently obtaining the intelligence to identify fraud and then alter controls to prevent such transactions from being processed in the future.  We’re not looking to recoup the losses from identified past fraud scenarios (pay and chase) so much as we’re looking to adjust our systems and controls through edits to prevent the data associated with such scenarios from even being processed in the future.

Simply put, we need to identify the anomalous output and study the hidden patterns associated with each anomaly; document the sequence of events leading to the offense; identify potential perpetrators; document the loss; and finally, adjust system edits so that the  processing pattern associated with the fraud does not recur.


October 17, 2012 AGA-ACFE Joint Fraud & Technology Seminar

October 17,2012 AGA-ACFE Joint Fraud & Technology Seminar

This year’s joint seminar between the Richmond Chapter of the Association of Governmental Accountants and the Central Virginia Chapter of the Association of Certified Fraud Examiners featured a full program of presentations by eight practitioners on topics related to the intersection between accounting, fraud examination and applied financial technology.

The Seminar Agenda and Speaker’s List

Following opening remarks by Al Subramanian – AGA President and Charles Lawver – ACFE President, the morning session commenced.

Mike Morehart, the newly appointed State Inspector General for Virginia presented on the topic of the “New Office of the Inspector General”.  The statewide office of the Inspector General is an innovation new to Virginia, the success of which will require the involvement of all levels of Virginia government.

David McGinnis of the U.S. Postal Service presented on the topic of  “Consumer Fraud Awareness”.   The postal service is being used by a host of different types of criminals to facilitate numerous fraud schemes associated with money laundering, frauds targeting the elderly and work at home scams.

 Howard Mulholland of the Virginia Office of the Attorney General and Detective  Timothy J. Ortwein of the Loudoun County Sheriff’s Office presented on the Dianna Atari mortgage fraud case.  This complex investigation involved the manipulation of hundreds of loan transactions made to legitimate and illegitimate mortgage borrowers as well as credit improvement and bank fraud manipulations.

Special Agent Shawn Monaghan (no photograh) of the Fairfax County Police Department discussed the money laundering aspects of the Virginia illegal drug trade as well as emerging trends in the investigation of narcotics networks nationally, in Mexico and in the Commonwealth.

 Special Agent Denise Ashley – NICB Major Medical Task Force presented various automated tools made available to law enforcement and to state agencies free of charge to battle fraud, waste and abuse in the insurance industry.

Walter Kucharski, retiring Virginia State Auditor of Public Accounts, presented on the topic, “The APA – Fraud Prevention and Risk Management.”

Charles W. Lawver, 2012-2013 President of the Central Virginia Chapter of the Association of Certified Fraud Examiners, spoke on the topic of “Medicaid Fraud Waste and Abuse Detection Systems – Data Mining & Data Analytics.”

Ignorance of Fraud Makes Fraud Easy – Pod Cast

Auditors of all kinds as well as government regulators are exhorted by congressional committees on C-Span every other week to be leaders in fraud and irregularity prevention, especially with regard to the financial and trading irregularities committed by the personnel of too-big-to-fail banking and investment firms. They are told to design tighter control systems to identify fraud and wrong doing in the cradle, before it has a chance to get out of hand and result in another JP Morgan Chase size embarrassment. This suggested strategy is, at best, a band-aid solution to a large and pervasive problem. Business activity is built on the trust that people at all levels will do their jobs properly…control systems are a two edged sword because, in the extreme, they can strangle any business in layers of bureaucracy while preventing the targeted  wrong-doing.

It’s sad that among all the talk of more regulation and yet more controls piled on existing controls, one of the most effective fraud deterrents of all is consistently under emphasized…fraud awareness education. Study after study has revealed that it’s ignorance of fraud itself, among business people and the general public alike, that makes fraud so ridiculously easy to commit. Victim education is the most effective of fraud deterrence tools and one of the cheapest to implement.  The more educated eyes there are on any transaction, or group of transactions, the harder it is for the fraudster or waster to go undetected.

The following pod cast was adapted from the presentation of a guest speaker at our Chapter’s recent joint conference with the Association of Government Accountants. I hope you enjoy it…

Ignorance of Fraud Makes Fraud Easy – Pod Cast

What is a Fraud, Waste and Abuse Detection System (FADS)?

BusinessMeet2Fraud and abuse detection technology (FADS) processes (or data mines) large amounts of information stored in data warehouses to identify patterns, associations, clusters, outliers and other red flag phenomena that indicate the presence of fraud and abuse.  A key characteristic of this technology is the use of “learning experiences” where findings from previous analyses are integrated into the next round of tests to search for potentially fraudulent activities.

FADS technology detects these activities using three principal methodologies: 1) a vendor centric methodology to identify vendors consistently submitting suspicious invoices (as in a system targeting vendor billing), an invoice centric methodology to identify patterns within invoices indicative of fraud and abuse (without linking the invoices to specific vendors) and 3) a predictive modeling algorithm to identify previously undetected fraudulent activities.

The predictive modeling algorithm scores newly received  invoices based on their deviance from vendor peer group norms. Additional functions performed by FADS systems include the ability to identify emerging criminal schemes using generalizations from previous analyses and tests, the generation of ad hoc reports to increase accounts receivable program oversight, and the ability to add software programming updates as needed to improve detection capabilities.

FAD systems are successfully applied to virtually every business process with a large volume of activity and  which is supported by large scale storage of digitized historical data.

One type of FAD is a Medicaid or Medicare Fraud and Abuse Detection System (MFAD). Some examples of the types of medical provider insurance claims testing such a system might continuously perform are:

–creation of  a statistical model of each claim type (the normal claim) to compare with all medical provider claims processed to identify “abnormal” claims;

–run each claim through a comprehensive series of tests and statistical analysis configured for each claim type;

–identify improper payments;

–incorporate findings and experience on an on-going basis to continually improve results;

–identify medical providers and patients engaged in fraud, waste and abuse.